Year in Review: 2021 in Cybersecurity

The year 2021 saw no shortage of major news related to cybersecurity. Changes at the Department of Homeland Security (DHS) subdivision, the Cybersecurity and Infrastructure Security Agency (CISA), brought a new approach to combating the international threats facing America, while greedy cybercriminals began asking for astronomical sums of money from their victims. 

For the year as a whole, the defensive cybersecurity posture that America found itself in would lead to historic supply chain issues and new wide-ranging threats against both the public and private sector. 

Although it seemed like there was a major breaking story related to cybersecurity almost daily this year, some were more consequential than others. That said, here is a month-by-month list of the most notable cybersecurity events in 2021.

    • January: The weeks following the 2020 presidential election saw a bitter feud develop between then-President Donald Trump and CISA Director Christopher Krebs over the legitimacy of the election. After Krebs endorsed a November 17th joint statement from the Elections Infrastructure Government Coordinating Council and the Election Infrastructure Sector Coordinating Executive Committees claiming that “The November 3rd election was the most secure in American history,” Trump would fire Krebs. Despite his public dismissal, in January, Krebs was hired as a consultant by SolarWinds, the entity that suffered perhaps the most wide-ranging cyberattack in history.
    • February: DHS Director Alejandro Mayorkas rolls out new initiatives intended to improve American cybersecurity. These include a new plan that increases cybersecurity spending through Federal Emergency Management Agency (FEMA) grants and the new “Reduce the Risk of Ransomware Campaign.”
    • March: Chinese Advanced Persistent Threat Group Hafnium targets Microsoft Exchange Server software in one of the most publicized hacks of the year. The hackers would gain access to email accounts belonging to more than 30,000 US organizations. The attack also prompted threats of sanctions against China from the US and European allies.
    • April: Although reports of perhaps the most notable hacking attack of 2021, the ransomware attack targeting Colonial Pipeline by Russia’s DarkSide Ransomware Gang, didn’t surface until May, the attack was actually initiated in late April. The attack shut down the 5,500-mile pipeline responsible for supplying 45% of the East Coast’s fuel.
    • May: May saw an attack against meat manufacturer JBS Foods. This attack was carried out by the Russian-based outfit known as the REvil Ransomware Gang. The attack saw one of the largest ransom payouts in history, with REvil receiving 11 million dollars from JBS Foods.
    • June: In June, Colonial Pipeline CEO Joseph Blount appeared before Congress to answer questions regarding the DarkSide hack. Many in attendance were concerned with whether Colonial violated an Office of Foreign Assets Control (OFAC) advisory outlining penalties for American businesses that issue ransom payouts to individuals or groups under US sanctions. 
    • July: The REvil Ransomware Gang hacks IT infrastructure provider Kaseya. REvil uses a fake software update to infiltrate both Kaseya’s clients and their clients’ customers. Up to one million systems are encrypted in the attack, and the group demands $70 million in bitcoin.
    • August: New Director of CISA, Jen Easterly, rolls out the Joint Cyber Defense Collaborative at the Black Hat cybersecurity conference. “Big-Tech” companies Google, Amazon and Microsoft are among the private sector companies that will work with the federal government to defend against future cyber-attacks against critical infrastructure and other targets.
    • September: The South African Department of Justice was struck with a ransomware attack that took its Department of Justice and Constitutional Development website and services offline. New Zealand’s postal service website was hacked along with several of the country’s largest banks as a result of a DDoS attack on September 7th. Labor Day weekend in America saw Howard University victimized by a ransomware attack that halted online classes.
    • October: Sinclair Broadcast Group and their 185 local TV stations across America are targeted by Russian hackers. The attack shuts down email and data networks for Sinclair. An October 24 blog post from tech giant Microsoft reports that Russian hacking outfit Nobelium, who orchestrated the SolarWinds attack, spent several months attacking businesses reselling Microsoft cloud services.
    • November: Security firm Palo Alto Networks reveals that hackers have breached nine entities in the education, technology, defense, energy, and health care sectors.
    • December: As a result of the historic Abraham Accords brokered by President Donald Trump, the United Arab Emirates and Israel agree to exchange defense and cyber intelligence. CISA warns of the Log4j vulnerability, which could potentially impact hundreds of millions of devices.

2022 is sure to bring many new threats, especially as America’s enemies continue to harbor and sponsor Advanced Persistent Threats (APTs). The poorly performing Biden administration will have its work cut out for it in the effort to protect America’s critical infrastructure.

Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by numerous websites, and he is regularly seen on national and international news programming.
